Re: [PATCH] obscure password

HIROSHIMA Naoki <nh-svn@iron-horse.org> writes:
> kfogel@collab.net wrote:
> > Thanks for the patch. This topic has come up before, as you might
> > imagine, and we've decided not to obscure the password, because it
> > might give a false sense of security (the directory's permissions
> > protect the password, of course).
>
> Since it's your (unfortunate IMHO) decision, I don't argue with that.
>
> > There's nothing hacky about your solution, and "perfectionism" doesn't
> > really enter into it. It's just that we don't want to appear to be
> > giving more security than we actually do.
>
> Fair enough. But if you really want to appear as insecure as it
> is, I would like to suggest two things.
>
> 1) add a note in the explanation of "store-passwords" in .subversion/config.
>
> 2) make "store-passwords" default to "no".
>
> In this way, people who might find being asked for their password every
> time very annoying will need to find that "store-passwords = yes" is
> needed to avoid it. And a note like, say, "Your password will be
> stored in cleartext in ~/.subversion/auth/..." will be given to them.
>
> In the current way, many people don't even realize that their password is
> being stored in plaintext. Giving no information might be better than
> giving a false sense, but giving a note is better than giving no
> heads-up, in my opinion.

I understand the arguments you are making in this mail, but they don't
seem related to your patch, which doesn't address any of them.
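As an added illustration of the heads-up being asked for above (example code, not from this thread or from Subversion itself): a small POSIX shell audit that reports the effective `store-passwords` setting and lists the realms for which a cleartext password is cached. It assumes the layout `$DIR/config` with an `[auth]` section and `$DIR/auth/svn.simple/*` files in svn's `K <len>` / `V <len>` / `END` hash format; the fixture credentials are constructed, not real.

```shell
#!/bin/sh
# Added example, not code from the thread or from Subversion itself. Assumed
# layout: $DIR/config with "[auth]" / "store-passwords = ..." and cached creds
# in $DIR/auth/svn.simple/* using svn's hash format (K <len>, key, V <len>, value, END).

# Effective store-passwords value from the [auth] section; svn defaults to yes.
store_passwords_setting() {
  cfg="$1/config"
  [ -f "$cfg" ] || { echo yes; return; }
  val=$(awk '
    /^\[/ { in_auth = ($0 == "[auth]") }
    in_auth && /^store-passwords *=/ { sub(/^store-passwords *= */, ""); sub(/[ \t]+$/, ""); print }
  ' "$cfg" | tail -n 1)
  echo "${val:-yes}"
}

# One line per cached credential file that contains a "password" key:
# the realm it belongs to, so the user sees exactly what is stored in cleartext.
plaintext_password_realms() {
  dir="$1/auth/svn.simple"
  [ -d "$dir" ] || return 0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    awk '
      /^K [0-9]+$/ { getline key; next }
      /^V [0-9]+$/ { getline val; kv[key] = val; next }
      /^END$/      { if ("password" in kv) print kv["svn:realmstring"] }
    ' "$f"
  done
}

# Constructed fixture (fake credentials) so the audit can be run offline.
kv() { printf 'K %d\n%s\nV %d\n%s\n' "${#1}" "$1" "${#2}" "$2"; }
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/auth/svn.simple"
  printf '[auth]\nstore-passwords = yes\n' > "$d/config"
  { kv passtype simple; kv password example-pw
    kv svn:realmstring '<https://svn.example.org:443> Example Repo'
    kv username alice; echo END; } > "$d/auth/svn.simple/0123456789abcdef"
  echo "$d"
}

# Usage: sh svn-auth-audit.sh [config-dir]   (e.g. ~/.subversion)
audit() {
  dir="${1:-$HOME/.subversion}"
  echo "store-passwords = $(store_passwords_setting "$dir")"
  plaintext_password_realms "$dir" | sed 's/^/cleartext password cached for realm: /'
}
if [ -n "${1:-}" ]; then audit "$1"; fi
```

Running `audit "$(make_fixture)"` prints the setting and one "cleartext password cached for realm" line for the constructed entry.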